Section 2 of draft-ietf-oauth-v2-bearer-10 describes three methods of sending bearer access tokens in resource requests to resource servers, namely:

1) Authorization Request Headers (described in Section 2.1)
2) Form-Encoded Body Parameter (described in Section 2.2)
3) URI Query Parameter (described in Section 2.3)
The specification recommends using Authorization Request Headers and discourages the other two methods. Unfortunately, there is no background provided why we still describe them. Could someone provide text justifying why they are in there?

Ciao
Hannes
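
The three transports listed in the message above, seen from the resource server's side, as an added example that is not part of the original message or of the draft. It assumes the parameter name `access_token`, the form-body conditions and the one-method-per-request rule as published in RFC 6750, taken here to match draft -10; the function name, error class and sample URLs are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit


class BearerError(ValueError):
    """Request carries no usable bearer token or breaks the transport rules."""


def extract_bearer_token(method, url, headers, body=b""):
    """Return (token, transport) for one request, or raise BearerError.

    transport is "header", "body" or "query", so the caller can log or
    refuse the discouraged transports by policy.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    found = []

    # Section 2.1: Authorization request header with the Bearer scheme.
    scheme, _, cred = hdrs.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and cred.strip():
        found.append((cred.strip(), "header"))

    # Section 2.2: form-encoded body parameter. Assumed conditions
    # (RFC 6750): form content type and a method other than GET.
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded" and method.upper() != "GET":
        form = parse_qs(body.decode("ascii", "replace"))
        found += [(tok, "body") for tok in form.get("access_token", [])]

    # Section 2.3: URI query parameter. The token ends up in the URL,
    # which is why access logs and Referer headers can expose it.
    query = parse_qs(urlsplit(url).query)
    found += [(tok, "query") for tok in query.get("access_token", [])]

    if not found:
        raise BearerError("no bearer token in request")
    if len(found) > 1:
        # Assumed rule (RFC 6750): one token, one method per request.
        raise BearerError("more than one token or transport in request")
    return found[0]


if __name__ == "__main__":
    # Constructed sample request against a hypothetical resource server.
    print(extract_bearer_token(
        "GET", "https://rs.example/photos", {"Authorization": "Bearer abc123"}))
```
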